SCAM ALERT: Pinterest Accounts Being Hacked By Scammers

The Better Better Business Bureau is advising that consumers exercise caution regarding unusual activity on the social networking site Pinterest.

How the scam works

The user receives an email from Pinterest that implies a friend has shared a "pin" (the term Pinterest uses for a digital scrapbook image) with the user. The email and link seem legitimate, prompting the user to click on it.

The image is different from what a friend typically pins, but it looks real. Common scam pins include celebrity and beauty photos, giveaway offers, before and after diet pics and even infographics. The images always have tantalizing captions that urge users to click.

But when the image is clicked, the user is not taken to an article or the real business's website. Instead, the user is directed to a site selling counterfeit products, featuring a bogus news story or promoting work from home opportunities, among others.

Scammers use many techniques to gain access to accounts. They may take advantage of security holes in third party applications that connect to Pinterest (such as those that automatically post your pins on Twitter) or insert malicious code into the "Pin This" buttons on other websites.

How Users Can Keep Pinterest Accounts Secure:

Report the pin: Spot a spam pin? Report it to Pinterest by clicking the flag icon at the bottom of the image.

Change your password. If you suspect someone hacked your account or you used a malicious app, be sure to reset your password. Do this by clicking your name at the top of Pinterest. Then, click Settings. Follow the prompts to create a new, complex, password.

Log out of your account : Don't stay logged into Pinterest when you aren't using it.

Watch where you log in . Only log in on Pinterest.com and the official mobile app. Avoid look alike sites that use a domain name such as www.pinterest.something.com. These are not affiliated with Pinterest.

Be careful about linking your account to other social media . If scammers get in, they can easily share spam pins on your Twitter and Facebook feeds too.

Check before you pin. Before you repin, take a second to hover on the image and check that destination link corresponds with the info on the pin. Scammers have been replacing the links in popular pins with links to websites housing malware.

Epsilon

March 2011

Tens of millions affected

In March 2011, Epsilon, the world's largest permission-based email marketing service, announced that the names and email addresses of customers of Citigroup, TiVo, and many other U.S. companies, were exposed in a huge data breach. The hack affected names and email addresses stored in over 108 retail stores, major financial firms and non-profit organizations like College Board. At the time of the incident, Epsilon had more than 2,500 clients sending 40 billion emails annually.

Result: Epsilon notified clients of the breach on April 1. Epsilon's clients then notified their customers of the hack. Epsilon has stated that 50 clients were affected, but the exact number of names and email addresses has not been released. Computerworld.com estimated that "tens of millions" of people were affected.

Sony

April 2011

77 million customers affected

In the spring of 2011, Sony was hacked through its through its PlayStation Network twice. The first security breach exposed customers' personal information to hackers, but not their credit card information. The second hack, disclosed in late April, did result in customers' credit card information being stolen. The pair of hacks affected 77 million people.

Result: Two weeks after the breach, Sony released a PlayStation 3 firmware update as a security patch. The firmware required users to change their password.

Global Payment Systems

March 2012

7 million customers affected

In the spring of 2012, the credit card processor service Global Payment Systems discovered that 1.5 million credit card records had been stolen from its system. Additionally, roughly 5.5 million consumer records were compromised, bringing the total to 7 million.

Result: As a result of the breach, Global Payments was delisted until it could prove it was in compliance with security standards. In April 2013, the payment card networks returned Global Payments its client list after it proved it was compliant with security standards.

Adobe Systems

October 2013

152 million customers affected

In October, the computer software company Adobe disclosed that hackers obtained personal data for almost 38 million of its customers, including names, credit and debit card numbers, and expiration dates. In November, it was discovered that the hackers had posted the personal data of more than 150 million Adobe users.

Adobe Call Center: 1-800-833-6687

For more information, Rhode Islanders may contact the Consumer Protection Unit at the Office of Attorney General at 401-274-4400 or by email at [email protected].

Target

December 2013

110 million customers affected

In December, Target announced that 40 million customer accounts were hacked stealing encrypted PIN numbers, credit and debit card numbers, card expiration dates, and the embedded code on the magnetic strip on the back of cars. Additionally, 70 million customers' personal information was compromised.

Target Call Center: 1-800-440-0680

For more information, Rhode Islanders may contact the Consumer Protection Unit at the Office of Attorney General at 401-274-4400 or by email at [email protected].

Neiman Marcus

January 2014

1.1 million customers affected

In January, high-end retailer Neiman Marcus revealed more than 1.1 million customers were affected in hack. Between July 2013 and October 2013, customer payment cards could have been potentially visible to hackers. Additionally, 2,400 unique customer payment cards used at Neiman Marcus stores were subsequently used fraudulently.

Neiman Marcus Call Center: 1-888-888-4757

For more information, Rhode Islanders may contact the Consumer Protection Unit at the Office of Attorney General at 401-274-4400 or by email at [email protected].

Yahoo

January 2014

Up to 81 million U.S. users

Late last month, Yahoo disclosed that Yahoo's email customers may have had their passwords compromised through a third-party application. The web company recently identified a coordinated effort to gain unauthorized access to Yahoo Mail accounts, and notified RI Attorney General Peter Kilmartin. Upon discovery, the Company took action, urging users to reset passwords on impacted accounts.

Yahoo Call Center: 1-800-318-0612

For more information, Rhode Islanders may contact the Consumer Protection Unit at the Office of Attorney General at 401-274-4400 or by email at [email protected].

Michaels Stores

January 2014

Number of affected customers yet to be determined

In January, Michaels Stores announced that it is investigating a possible data security breach that may have led to customers' debit and credit card information being compromised. Michaels has more than 1,250 locations in the United States, including four in Rhode Island.

Michaels Stores Call Center: 1-800-642-4235

For more information, Rhode Islanders may contact the Consumer Protection Unit at the Office of Attorney General at 401-274-4400 or by email at [email protected].

White Lodging - Marriott, Hilton, Sheraton, Westin

February 2014

Number of affected customers yet to be determined

This week, the hospitality company White Lodging Services announced that a data breach occurred at 14 of its properties including Marriott, Radisson, Renaissance, Sheraton, Westin and Holiday Inn franchises around the country. Compromised information may have included names printed on credit or debit cards, the actual numbers, the security codes and expiration dates.

White Lodging Call Center: 219-472-2900.

For more information, Rhode Islanders may contact the Consumer Protection Unit at the Office of Attorney General at 401-274-4400 or by email at [email protected].